Thai data breach puts 2,000-plus expats’ details online
The personal details of more than 2,000 foreign nationals living in southern Thailand were briefly posted online over the weekend, sparking safety fears.
According to reports in the Bangkok Post and other regional media outlets, the accidental leak was sourced on Monday to a website developer who admitted to having introduced the error while doing work on a site for Thai Immigration Police.
Users of online media sounded the alarm late on Sunday, Thailand time, after they spotted the names, addresses, professions and passport numbers of what were said to be more than 2,000 expatriates on a database, the reports, in such publications as the Bangkok Post and ChannelNewsAsia, said.
The data on the expatriates had been compiled and was being used in connection with a much-publicised crackdown on foreigners who overstay their visas. As reported in International Investment in January, a “Good guys in, bad guys out” informational campaign accompanied the introduction into law of new, harsher immigration rules, which came into force on 20 March.
The website carried an immigration police seal but used a private Thai web address, not usually associated with government sites. The site was briefly openly available without a password, and some users guessed the site’s less-than-secure administration password: 12345.
It was taken down early Monday, but not before the site’s existence had gone viral, the reports said.
Thai Deputy Prime Minister Prawit Wongsuwon has since ordered the removal of the foreigners’ data from the website, defence spokesman Khongcheep Tantravanich said on Monday.
Foreigners ‘concerned about safety’
The Government ordered the data removal as some foreigners were said to be “concerned about their safety” because their specifics were released to the public, according to Khongcheep.
The data was said to be of foreigners living specifically in Thailand’s southern provinces, principally Nakhon Si Thammarat province.
According to the press reports, an online digital advocacy group known as Thai Netizens tracked down the website’s owner, a developer called Akram Aleeming, who later posted a statement on Facebook saying the site had mistakenly been made public during testing stages.
“We were doing a demo,” Aleeming reportedly told AFP, the Paris-based newswire. “As people were concerned it might affect security, we closed it [the website].”
Surreal cartoon video
The informational campaign that accompanied the crackdown on foreigners who overstay their visas included a surreal cartoon video (pictured above), featuring a uniformed cartoon character who spells out the details of the new regulations, which include the possibility of foreigners who overstay their visa from being banned from re-entering Thailand for up to 10 years. The video may be still be viewed on the Thai Immigration Office’s website by clicking here.
The expat data breach is the latest in a series of cyber-failures to hit the Thai government, which, according to press reports, has seen the websites for its police, courts and corrections departments all hacked over the past 12 months.